Cyber Incident Victim: Qatar National Bank
Date: Apr 2016
Location: Qatar
Summary
A cybersecurity breach targeted Qatar National Bank, resulting in the leak of over 15,000 documents containing sensitive customer and institutional data. The compromised files, which included details such as account credentials, passwords, PINs, and references to "spies," affected more than 100,000 accounts and totaled approximately 1.4GB. The data was briefly hosted on a file-sharing platform before being removed, though a whistleblower site indicated intent to republish the materials. The incident exposed substantial financial and operational information, highlighting vulnerabilities in the institution's data protection measures.
Description
On April 25, 2016, documents allegedly originating from Qatar National Bank (QNB) appeared on the file-sharing platform Global-Files.net. The leak was short-lived, as the user responsible removed the files shortly after publication. Cryptome, a whistleblower documentation site, announced via Twitter its intention to re-host the leaked data but had not done so by the time of initial reporting. Cryptome’s social media posts indicated the compromised material included 15,460 files totaling 1.4GB, with a compressed version available as a 431MB ZIP archive. The organization described the leak as containing sensitive account information spanning over 100,000 records, including passwords, PINs, and references to "Spies," though specific details about the latter were not elaborated. Al Jazeera’s initial tweet about the incident prompted Cryptome’s public response, which included links to the data and a commitment to preserve access if the original distribution point became unavailable.

The leaked data’s scope comprised numerous small files alongside dozens of larger documents, though their exact formats or contents beyond credentials were not specified. Cryptome’s tweets suggested potential regional connections by questioning "RU?"—an abbreviation possibly indicating Russian involvement—but provided no corroborating evidence. The breach exposed authentication details at scale, risking unauthorized access to financial accounts and operational systems. No statements from QNB regarding incident verification, containment measures, or forensic investigations were reported at the time. Cryptome maintained a neutral stance, humorously noting it would withhold the data only if "irresistibly bribed" but otherwise planned to host the files unredacted. The immediate consequence was the unauthorized dissemination of highly sensitive banking information, though downstream impacts—such as fraud or regulatory actions—were not yet documented in the available sources.
